Vulnerabilities > IBM > Websphere Application Server > 7.0.0.22

DATE CVE VULNERABILITY TITLE RISK
2014-01-16 CVE-2013-6725 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-01-16 CVE-2013-6330 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
ibm CWE-200
3.5
3.5
2014-01-16 CVE-2013-6325 Improper Input Validation vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint.
network
ibm CWE-20
4.3
4.3
2013-11-18 CVE-2013-5418 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2013-11-18 CVE-2013-5417 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.
network
ibm CWE-79
4.3
4.3
2013-11-18 CVE-2013-5414 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.
network
ibm CWE-264
3.5
3.5
2013-09-20 CVE-2013-4053 Improper Input Validation vulnerability in IBM products
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors.
network
ibm CWE-20
6.8
6.8
2013-09-20 CVE-2013-4052 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2013-08-21 CVE-2013-4005 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
network
ibm CWE-79
3.5
3.5
2013-08-21 CVE-2013-3029 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server
Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.
network
ibm CWE-352
6.8
6.8